Web services have developed in recent years as a way to increasingly connect people, information, and processes. One of the benefits of Web services is the ability of Web services to operate across multiple platforms and the ease at which modifications can be made to a Web service. One of the reasons that Web services have been so successful is the use of XML as a standard and universal language for representing and transmitting structured data that is independent of programming language, software platform, and hardware.
There are many situations in which it is desirable to protect Web service resources, such that the resources may only be accessed or used by the appropriate people or systems. Conventional methods for protecting Web service resources focus on authentication, and in particular focus on defining trust relationships. Conventional systems often allow any person or device accessing the Web service from a trusted location to access to the Web service and associated resources. These conventional systems do not provide a way for a third party to provide authorization for a particular request to access or use a Web service. Rather, Web services are often configured to trust anyone communicating from a trusted location. These and other problems are addressed by various embodiments according to the present disclosure.